fix intro text

Arthur Grisel-Davy 2023-10-02 07:59:41 -04:00
parent e1e9b0183e
commit 1c46064a66
3 changed files with 45 additions and 37 deletions

@ -34,7 +34,7 @@
thesis requirement for the degree of \\
Doctor of Philosophy \\
in \\
Philosophy of Electrical and Computer Engineering \\
Electrical and Computer Engineering \\
\vspace*{2.0cm}
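Review bot: the degree line changed here, from "Philosophy of Electrical and Computer Engineering" to "Electrical and Computer Engineering", is a title-page correction rather than intro text, so the commit message "fix intro text" does not describe it. Mention the title-page fix in the message or move it to its own commit so the history stays searchable.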
@ -108,21 +108,21 @@ Supervisor: \> Sebastian Fischmeister \\
\addcontentsline{toc}{chapter}{Abstract}
\begin{center}\textbf{Abstract}\end{center}
Most current Intrusion Detection Systems (IDSs) share the flaw of requiring the cooperation of the system to protect.
Whether the IDS is a software or hardware component, they don't perform the detection independently and require the system to protect to execute or call them.
This is a critical flaw as it allows attackers to avoid detection by forging input data, forging detection results, or bypassing the IDS altogether.
This is particularly problematic for firmware-level attacks that enable control of the most critical components of the machine, making the attacks especially difficult to detect, mitigate, and remove.
Most current Intrusion Detection Systems (IDSs) share the flaw of requiring the cooperation of the system to protect --- the target.
Whether the IDS is a software or hardware component, they don't perform the detection independently and require the target to execute a programm, use a component, or transmit resuts.
In the case of a compromised target, this critical flaw allows attackers to avoid detection by forging input data, forging detection results, or bypassing the IDS altogether.
This design makes the result of the detection trustworthy only when the target is not compromised.
This observation leads to the conclusion that we cannot entrust machines to assess their integrity.
To remain trustworthy, the IDS must be independent of the machine to protect and require no cooperation to perform the detection.
The main challenge with such a system is getting access to relevant data.
Network-based IDS fit in this category and exhibit complete independence, but their input data --- network communication from the machine --- is only relevant for a small subset of attacks.
This observation leads to the conclusion that we cannot entrust machines to assess their own integrity.
To remain trustworthy, the IDS must be independent of the target and require no cooperation to perform the detection.
The main challenge with such a system is collecting relevant data.
The main example of such a system are Network-based IDS (NIDS).
NIDS exhibit complete independence, but their input data --- network communication from the machine --- is only relevant for a small subset of attacks.
This thesis proposes to explore another family of IDSs called physics-based IDS that leverages side-channel information.
Side-channel information is a perfect candidate for intrusion detection.
The generation of this information is, by definition, involuntary.
Hence, their measurement requires no communication with the machine to protect.
Moreover, if chosen carefully, side-channel information can provide insight into all activities performed by the machine.
This proposal describe another family of IDSs called physics-based IDS that leverages side-channel information.
Side-channel information is a perfect candidate for intrusion detection as it is, by definition, an involuntary emission from the target.
Collecting side-channel information requires no communication with the machine to protect.
Moreover, if chosen adequately, side-channel information can provide insight into all activities performed by the machine.
Finally, side-channel information remains practical to measure on virtually any embedded system, providing a solution that is not only theoretical but also applicable in the real world.
This proposal describes the exploratory work already achieved in the domain of physics-based IDS and outlines the main problems to study to evaluate the potential of this technology.
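Review bot: the rewritten abstract introduces spelling and agreement errors that should be fixed before merging: "programm" and "resuts" in the sentence beginning "Whether the IDS is a software or hardware component", "This proposal describe another family" (should be "describes"), and "The main example of such a system are Network-based IDS (NIDS)" (singular subject with a plural verb). The new first sentence defines "the target", but later new lines still say "network communication from the machine", "the machine to protect" and "performed by the machine"; use "the target" throughout so the term introduced here is applied consistently. Two sentences now open with "This proposal describe(s)", so consider rewording one of them.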